ASB-2018.0306 - [Virtual] Palo Alto Expedition: Execute arbitrary code/commands - Remote/unauthenticated 2018-12-12

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0306
           Security update for Palo Alto Networks Migration Tool
                             12 December 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Palo Alto Expedition
Operating System:     Virtualisation
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-10143  
Member content until: Friday, January 11 2019

OVERVIEW

        Palo Alto Networks has addressed a remote code execution
        vulnerability in the Palo Alto Networks Migration Tool ("Expedition").
        
        The vendor has advised the issue affects the following versions:
        - Expedition 1.0.107 and earlier
        
        "This issue does not affect PAN-OS or any other supported product
        or service." [1]


IMPACT

        The vendor provided the following detail on the vulnerability:
        
        "Successful exploitation of this issue may allow an unauthenticated
        attacker with remote access to run system level commands on the device
        hosting this service/application."


MITIGATION

        The vendor advises updating to Expedition 1.0.108 or later to address
        this issue. [1]


REFERENCES

        [1] PAN-SA-2018-0017
            https://securityadvisories.paloaltonetworks.com/Home/Detail/138

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXBBZQGaOgq3Tt24GAQhD7hAAk2UBBOZb2tm89g/r2i2f+nq8lHhjMrEv
a3VJ0afw4xsAFHT0i8PMitLI0Z6DVxAi5hhdByMi5lMWUfCHTIlnK3Ehtq4RXd6o
cWwL1st4YasNLLBtbK+6M6E6oF2xCLBdRC6vthlhpbZVru5XJp6Jzjnscb3RjIcS
oMzdFUaGpPXwKz4RhVdVGUn8IR2bIrybkDAfCZ/knllyklqK+AGG0H/rdz1YlKGN
m9S/Pb/R78UWzP4rXjDlX99kzgQFara4/iVMl2LbrhjDVp4TTaMbC6qNv8kyOSeE
i9Odp+eX8+lZT4iZFhWi8nXambudVb09Ohe6I9F43X11zo/7076SyUVgzy+A/VKf
mbl0cX7drwBK/YbrNeR8LLtjx2+zeyP+fgzEZ1cQFSOFwIkIiJUmjLNot6tIJAwD
i7cnaTwTaR2sy+Yf6GnzAl5a//qNftki6IajktpDUD5uilmUU0/NxZ5A8qgH07uk
e6NJb+qs/cJbWjsBGgbKI4bpvewN8Zwo3BvWYRFPD2hnpOuXs+3/tcM4tjdfyiLg
XahQBMAMee40ODfCoVp4hmxOjUwflbWMz8R+OuAkbJ1FkQDpdeqP5+fyjeJizdtK
+mZ4cHX2ZaN8WCNoCGcccrRTVje/YiGoi9rsZPPtBKFqbH4nS92luekgI0y9ZZEk
6ZPjVbF7bKI=
=UO45
-----END PGP SIGNATURE-----

« Back to bulletins